Wells Fargo recovers after site outage

Wells Fargo’s website experienced intermittent outages on Tuesday, while the hacker group claiming responsibility threatened to hit U.S. Bancorp and PNC Financial Services Group over the next two days.

Wells Fargo apologized on Twitter for the disruption, saying it was working to restore access. By Wednesday morning, the site appeared to be functioning.

Original article at HITB

Galaxy S III USSD Wiping Exploit Already Fixed

Samsung’s Galaxy smartphones have been recently said to be vulnerable to a specific exploit that could result in the entire device being wiped clean from the browser through the use of a USSD code.

However, it appears that Samsung was actually capable of patching the USSD exploit, and that most of its Galaxy S III devices are safe from it.

Original article at HITB

Chinese hackers steal files from SCADA maker

A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.

Original article at HITB

Maker of Smart-Grid Control Software Hacked

The maker of an industrial control system designed to be used with so-called smart grid networks disclosed to customers last week that hackers had breached its network and accessed project files related to a control system used in portions of the electrical grid.

Telvent, which is owned by Schneider Electric, told customers in a letter that on Sept. 10 it learned of the breach into its network. The attackers installed malicious software on the network and also accessed project files for its OASyS SCADA system, according to KrebsOnSecurity, which first reported the breach.

According to Telvent, its OASyS DNA system is designed to integrate a utility’s corporate network with the network of control systems that manage the distribution of electricity and to allow legacy systems and applications to communicate with new smart grid technologies.

Telvent calls OASyS “the hub of a real-time telemetry and control network for the utility grid,” and says on its website that the system “plays a central role in Smart Grid self-healing network architecture and improves overall grid safety and security.”

But according to Dale Peterson, founder and CEO of Digital Bond, a security firm that specializes in industrial control system security, the OASyS DNA system is also heavily used in oil and gas pipeline systems in North America, as well as in some water system networks.

The breach raises concerns that hackers could embed malware in project files to infect the machines of program developers or other key people involved in a project. One of the ways that Stuxnet spread — the worm that was designed to target Iran’s uranium enrichment program — was to infect project files in an industrial control system made by Siemens, with the aim of passing the malware to the computers of developers.

Peterson says this would also be a good way to infect customers, since vendors pass project files to customers and have full rights to modify anything in a customer’s system through the project files.

An attacker could also use the project files to study a customer’s operations for vulnerabilities in order to design further attacks on critical infrastructure systems. Or they could use Telvent’s remote access into customer networks to infiltrate customer control systems.

To prevent the latter from occurring, Telvent said in a second letter mailed to customers this week that it had temporarily disconnected its remote access to customer systems, which it uses to provide customer support, while it investigates the breach further.

“Although we do not have any reason to believe that the intruder(s) acquired any information that would enable them to gain access to a customer system or that any of the compromised computers have been connected to a customer system, as a further precautionary measure, we indefinitely terminated any customer system access by Telvent,” the company said in the letter, obtained by KrebsOnSecurity.

The company said it had established “new procedures to be followed until such time as we are sure that there are not further intrusions into the Telvent network and that all virus or malware files have been eliminated.”

A hack via a vendor’s remote access to a customer’s network is one of the primary ways that attackers get into systems. Often, intrusions occur because the vendor has placed a hardcoded password into its software that gives them access to customer systems through a backdoor — such passwords can be deciphered by attackers who examine the software. Attackers have also hacked customer systems by first breaching a vendor’s network and using its direct remote access to breach customers.

A Telvent spokesman confirmed the breach of its own network to Wired on Tuesday.

“We are aware of a security breach of our corporate network that has affected some customer files,” spokesman Martin Hannah told Wired in a phone call. “We’re working directly with our customers, and they are taking recommended actions with the support of our Telvent teams. And Telvent is actively working with law enforcement, with security specialists and with customers to ensure that this breach has been contained.”

Hannah wouldn’t say whether attackers had downloaded the project files or altered them.

Project files contain a wealth of customized information about a specific customer’s network and operations, says Patrick Miller, president and CEO of EnergySec, a nonprofit consortium that works with energy companies to improve security.

“Almost all of them will give you some details about the architecture and, depending on the nature of the project, it may go deeper,” he says. Project files can also identify key players in a project, in order to allow hackers to conduct additional targeted attacks, he said.

Additionally, project files could be altered to sabotage systems, he says. Some project files contain the “recipe” for the operations of a customer, describing calculations and frequencies at which systems run or when they should be turned on or off.

“If you’re going to do a sophisticated attack, you get the project file and study it and decide how you want to modify the pieces of the operation,” Peterson says. “Then you modify the project file and load it, and they’re not running what they think they’re running.”

A vendor with good security would have a system in place to log who accesses project files and track any changes made to them. But, Peterson noted, companies don’t always do what they should do with regard to security.

Two days after Telvent says it discovered the breach in its network, the company announced a new partnership with Industrial Defender, a U.S.-based computer security firm, to integrate that company’s Automation Systems Manager with its own system to “expand its cybersecurity capabilities” for critical infrastructure.

The ASM system, Telvent said, would give critical infrastructure operators “the ability to determine changes to the system, who made them and why” as well as detect new devices when they’re connected to the network, “allowing for faster decision-making as to whether a change is planned or potentially malicious.”

Industrial Defender did not respond to questions about the Telvent breach or the timing of its partnership with the company.

Miller said he expects that copycat attackers will now recognize the value of attacking industrial control system vendors and begin to attack other vendors after this, if they haven’t already done so.

“If I were a vendor and knew this had happened to Telvent, I should be concerned, ‘Am I next?’”

Original article at Wired

Samsung has already patched ‘dirty USSD’ vulnerability for Galaxy S III

If you were worried about stumbling onto a malicious website and accidentally wiping your Samsung Galaxy S III or other TouchWiz smartphone or slate, you can probably breathe easy. It’s likely you already have firmware on your device which isn’t vulnerable to the so-called dirty USSD code, and if not, you can download it now, according to Samsung. The company issued the following statement on the matter: “We would like to assure our customers that the recent security issue concerning the Galaxy S III has already been resolved through a software update. We recommend all Galaxy S III customers download the latest software update, which can be done quickly and easily via the Over-The-Air (OTA) service.” It turns out we couldn’t reproduce the bug earlier as we already had the latest update, and you should probably check to see that you do, as well. Meanwhile, we’re also checking to see if other TouchWiz devices have been patched, so don’t forget to watch what you click.

Original article at Engadget

Mailstore Home 7.1: Email backup software update available

Mailstore Home is my go-to software when it comes to backing up email and migrating email between programs and computer systems. I’m using it to speed up Thunderbird by backing up and removing old emails from the application to lighten its load, and to back up Gmail, Hotmail or Yahoo emails.

The developers of Mailstore have just released version 7.1 of the program introducing official support for Microsoft’s Windows 8 operating system. This is the only new feature addition to the application. Four additional changes have been made to the program, of which two are bug fixes for issues that some users may have encountered while using the application.

  • The authentication mechanism Digest MD5 is no longer usable in combination with the IMAP protocol
  • Changed: E-mail messages that (because of an error) still exist in the search index, but not in the database, are no longer contained in search results
  • Fixed: Debug log files have an incorrect name under certain circumstances
  • Fixed: Outlook MSG files whose Internet Headers property does not end with a line break can’t be read by MailStore

Original article at Ghacks